Session TrackingServlets

IntroductionFor implementing flexible business transactions across multiple requests and responses, we need two facilities

• Session : The server should be able to identify that a series of requests from a single client forms a single working session.

• State : The server should be able to remember information related to previous requests and other business decisions that are made for requests.

Approaches for session tracking

There are typically 3 approaches for session tracking:-

1. URL Rewriting

2. Cookies

3. Hidden form fields.

Url RewritingIn this approach , the token is embedded in each URL .In each dynamically

generated page, the server embeds an extra query parameter,or extra

information,in each URL in the page.When the client submits requests

using such URLs , the token is retransmitted to the server.

For example:

http://www.myserver.com/servlet/demo;uid=mca?name=‘kiran’&div=‘a’

In this example the server is www.myserver.com

and the resource path is /demo;uid=mca, rest is the query string.

Here uid is unique token having value=mca

CookiesCookies are one of the most refined forms of token that clients and servers can exchange. A cookie contains a name-value pair with certain additional attributes, exchanged in the response and request headers.Web servers send a cookie by sending the Set-Cookie response header in the following format:

Set-Cookie: Name=value;Comment=COMMENT;Domain=DomainName;Maxage=seconds;Path=path

For example :Set-Cookie;uid=mca;Max-age=3600;Domain=“.myserver.com”

Servlet API provides a class called javax.servlet.http.Cookie that represents a cookie from the perspective of the servlet.

Cookie c=new Cookie(“uid”,”mca”);c.setMaxAge(60*60);c.setDomain(“.myserver.com”);

Hidden Form FieldsIn this approach , the unique token is embedded within each HTML form. For example , the following HTML specifies an input control of type HIDDEN

<input type=“HIDDEN” Name=“uid” value=“mca”>

Session Creation and TrackingMethods from HttpServletRequest interface for creating and tracking HttpSession objects are:

public HttpSession getSession(boolean true);

public HttpSession getSession();

HttpSession InterfaceHttpSession interface has following methods:public Object getAttribute(String name)public Enumeration getAttributes()public long getCreationTime()public String getID()public long getLastAccessedTime()public int getMaxInactiveInterval()public void invalidate()public boolean isNew()public void removeAttribute(String name)public void setAttribute(String name)public void setMaxInactiveInterval(int interval)